In my personal opinion, you can measure IT security just by the period that the underlying cryptosystem can withstand in worst case. Even cryptosystems with perfect security (like OTP) are prone to brute-force-attacks.
On the contrary, trust allegorizes a dichotomous property. Either you trust a party, or you do not.
Given the nonlinear dynamic probabilistic of possible cyber attacks the process of establishing and measuring level of trust provided remain to be challenge.